Someone mentioned that the claim that Linux is written by volunteers is now fantasy; in fact nowadays it is all written by companies, e.g. Canonical. Furthermore, it was only for a few years at the very beginning that Linux was truly a volunteer effort.
Can someone provide any articles about this?
Also, can a backdoor be hidden from any volunteers auditing the code, e.g. by posing as part of the update manager which secretly downloads the backdoor?
First of all, let's not confuse Linux, which is merely the kernel, with a Linux-based OS like Ubuntu/Red Hat/Fedora.
The Linux kernel itself is mainly, I believe, written by volunteers, with some companies helping out as well.
There is also quite a bit of FOSS (free open source software) written for Linux-based systems by volunteers, far more than proprietary software for Linux-based systems written by companies.
So yes, a significant portion of Linux and software for Linux-based OSes is still volunteer written, though I believe 'volunteer' wouldn't be as appropriate a word as 'hobbyist', since 'volunteer' implies that they are doing it with others in mind, whereas a lot of FOSS is written by the developer for themselves first and others second.
I would only worry if Microsoft started funding development
Seriously, is this an issue?
Only an issue to the extent that certain powers-that-be want to put backdoors in every o/s. Microsoft has been forced to comply at least once; there was an NSA code discovered in some early versions of Windows. I bet Microsoft still take orders from such unsavoury organizations.
Quote:
Why shouldn't developers be paid for their work?
Yes, and it would be nicer if the only funding were donations from person to person, not through organizations because these are more likely to have dark strings attached. If the receiver feels he owes to others they might donate themselves to who they think deserves it.
For the purposes of security against any backdoors, we should be concerned with both the kernel and commonly used applications. Uncommon applications probably do not matter.
Slackware uses the same software as anyone else. The purpose of a distribution is to assemble a kernel, tools and other software to a complete suite, that is simple to install and use.
In this regard Slackware is the same as any other distribution. Slackware is very well tested, but not one (general purpose) distribution has the capacities to have a look at all sources of any software that they include.
By the way, why do you suppose that only corporations can implement backdoors in software? What would hold back a bunch of hobbyists from doing that, if they want?
One of the strengths of Linux is that there are many eyes looking at the code and these people do not work for a common corporation. So, as well as the independent coders, we also see coders from competing organisations. All a distribution does is turn all that lovely code into a set of packages and a nice looking install. If the code is compromised, then all versions using that code will also be compromised.
Although Slackware is not backed by a billion dollar corporation, Pat and the team put an awful lot of work into the product and the stability and quality of Slackware reflect that.
Is it possible that a trick is found to insert a backdoor? E.g. as a package that no one would check because it is not mainstream, but which is quietly installed by a mainstream package?
Quote:
Originally Posted by TobiSGD
By the way, why do you suppose that only corporations can implement backdoors in software? What would hold back a bunch of hobbyists from doing that, if they want?
Not only corporations, but rather:
Quote:
these are more likely to have dark strings attached
Btw, in some of the links given it says Canonical is withholding changes they have made to some sources they got as open source. In other words, Ubuntu can only be fully source-checked by Canonical.
Backdoors can be placed everywhere, in software and hardware alike. We've discussed this in quite a few threads in the Linux Security forum. If the subject truly interests you then nothing beats being objective and doing research yourself. Believing hearsay and using flawed metrics like "reputation" will only lead to even more increased paranoia and gullibility, making one believe almost anything.